Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
The move to “infrastructure as a service” cloud computing platforms brings flexible computing that realizes economies of scale. Cloud computing also brings with it new security challenges. To make better use of resources, cloud computing providers may multiplex several virtual machines from different clients on a single physical machine. This may create a risk of side-channel attacks from malicious clients. In particular, side-channel timing attacks use timers to glean information from the processing times of co-resident processes, for example, using the elapsed time for key hashing to determine properties of that key. Such attacks may steal keys from widely used encryption standards. Timing may also reveal keystroke timing, which may be used to extract passwords, as well as to count users, and the like. Timing may further be used to detect co-location with a target, one of the three steps to execute a datacenter attack. This may be done by observing the timing associated with various cache or branch hardware to detect signature computing patterns and timing.
As cloud computing platforms become more prevalent, new security challenges arise. Many cloud computing providers multiplex several virtual machines from different clients on a single physical machine to take advantage of the power of modern processors, memory, and hardware architectures. However, such resource sharing may facilitate side-channel attacks, where a malicious process operating on shared hardware gathers information about other, co-resident processes.